Discover and read the best of Twitter Threads about #AzureKubernetesService

Most recents (2)

How a simple web-app assessment led to complete #AzureAd tenant takeover 🤯
🧵 👇
#Azure #AzureKubernetesService #aks #Kubernetes #KubernetesSecurity #k8s #bugbounty #bugbountytips #bugbountytip #DevSecOps
1. Poorly-designed file upload functionality led to RCE
2. Turned out the app was running in a container managed by #AzureKubernetesService (#AKS)
3. #Container was mounting a service account with permissions to deploy #pods in the same namespace
4. I deployed a new pod with hostPath root volume. Deployment was not blocked by any security policy. #Pod got deployed
5. I exec-ed into the pod's #container and escaped it through its hostPath volume. #privesc to the #AKS node succeeded!
Read 7 tweets
📬 My weekly thread with news, insights, and upcoming topics.

It will be a shorter thread this week. I took a few days off after #CDS22.

Today featuring #Kubernetes, #Azure, #ContainerDays, #eBPF, #OPA, and more...

A thread 🧵
Talking about @ConDaysEU. Don't forget to check out all the news and stuff going on on Twitter.

@ConDaysEU and #CDS22 are good starting points to follow up.

I had the pleasure to deliver multiple talks.
The @kinvolkio folks shared a post on "Porting an #eBPF-based application to #arm64".

Find all the details and limitations below 👇
kinvolk.io/blog/2022/09/p…
Read 8 tweets
